Remarks/Arguments 



Claims 1, 4-32, and 35-44 are currently pending. Claims 1, 17, and 32 are hereby 
amended. Claims 2, 3, 33, and 34 are hereby cancelled. No claims are added. No new 
matter is added. Claims 1, 17, and 32 are independent. 

Rejection of claim 1 under 35 U.S.C. 112 

The Examiner rejected claim 1 under 35 U.S.C. 112, second paragraph, for 
containing the phrase "the frequency of the attribute," which lacked 
antecedent basis. Applicant hereby amends claim 1 to replace "the frequency of the 
attribute" with the limitation "the determined frequency" to clarify that the frequency 
referred to is the frequency determined in the previous step. Applicant therefore submits 
this rejection is overcome. 

Double Patenting rejection 

The Examiner rejected claims 1, 2, 5-17, 20, 21, 25, 27-32, 39-41, and 44 as 
patentably indistinct from pending application 10/782,726. Applicant hereby submits a 
terminal disclaimer for the instant case, and therefore submits this rejection is overcome. 

Rejection of claims 1-6, 17-21, 32-37 

The examiner rejected claims 1-6, 17-21, 32-37 as anticipated by U.S. Patent No. 
6,772,347 (Xie). Applicant hereby amends independent claims 1, 17, and 32. 

Applicant respectfully submits that Xie does not teach or suggest the limitation: 
"based on the count for the attribute, determining a frequency with which messages 
having the attribute were rejected by the rejection rule," as required by independent 
claims 1, 17, and 32. The Examiner cites Xie, Col. 5 lines 10-15, as describing 
"determining a frequency with which messages having the attribute were rejected by the 
rejection rule." (Office Action p. 4). However, this portion of Xie describes the opposite 
of the present claims. Specifically, this portion of Xie states: 

"for certain rules, known as counter rules, the firewall engine will increment the 
count register and continue the search. If the count threshold is exceeded, or if the 
search locates a match for a non-counter rule, the search results are written to the 
status register." 

The counter rules described by Xie allow a certain number of messages of a given type to 
pass, and then disallow remaining messages once that threshold is exceeded. By contrast, 
the present claims reject messages until the threshold is reached, and then generate an 
exception rule allowing the traffic. Thus Xie does not teach or suggest "based on the 
count for the attribute, determining a frequency with which messages having the attribute 
were rejected by the rejection rule." 

Likewise, Xie does not teach or suggest "generating an exception rule to the 
rejection rule which rejected the messages with the attribute, responsive to the 
determined frequency exceeding a threshold" as required by independent claims 1, 17, 
and 32. The Examiner cites Xie, Col. 5, lines 50-52 for this limitation (Office Action, p. 
4). Again, this portion of Xie teaches the opposite of the pending claims. This portion of 
Xie describes the following: 

The dynamic filter 637 generates rules using criteria such as port number and IP 
address, which are extracted from incoming packets for applications, such as 
RealAudio, Netmeeting (which uses the H3232 protocol) and network file system 
(NFS). 

For example, when an FTP is initiated, the first sequence of FTP packets, which 
includes information on the port number and the IP address, will be passed by the 
rules in the ACL engine 621. The dynamic filter 637 then extracts port number and 
IP address from this first sequence of packets, and generates new rules, similar to the 
fixed rules used by the ACL, including these criteria. Later sequences of FTP packets 
will be denied by the ACL engine 621, but the dynamic filter 637 will pass the 
packets based on the new, dynamically-generated rules. 

These passages illustrate that the dynamic rules of Xie are generated in response 
to information contained in previously allowed traffic (e.g. port numbers in allowed FTP 
initiation traffic) — the insight of Xie is to observe previously allowed messages to 
determine what future traffic should also be allowed. By contrast, the present claims 
require generating an exception rule responsive to the determined frequency of 
previously rejected messages exceeding a threshold. The Examiner admits in a later 
rejection that "Xie does not disclose dynamically generated rules when it is determined 
that packet denial is greater than a desired threshold amount." The present claims require 
determining that messages having an attribute be rejected at least a certain amount of 
times before an exception rule is generated allowing future packets having the 
attributes — exactly the concept the Examiner admits is not discussed in Xie. Thus Xie 
does not teach or suggest "generating an exception rule to the rejection rule which 
rejected the messages with the attribute, responsive to the determined frequency 
exceeding a threshold" as required by independent claims 1, 17, and 32. 

Rejection of claims 7-15, 22-30, and 38-43 

The Examiner rejected claims 7-15, 22-30, and 38-43 under 35 U.S.C. 103(a) as 
being unpatentable over Xie in view of U.S. Pub. No. 2005/0086206 (Balasubramanian). 
As argued above, Applicant respectfully submits that Xie does not teach or suggest 
"based on the count for the attribute, determining a frequency with which messages 
having the attribute were rejected by the rejection rule," or "generating an exception rule 
to the rejection rule which rejected the messages with the attribute, responsive to the 
determined frequency exceeding a threshold" as required by claims 7-15, 22-30, and 38-43. 
Applicant further submits that Balasubramanian does not disclose those limitations 
either. Although Balasubramanian describes some filtering of URLs, Balasubramanian fails 
to teach or suggest determining any frequency of rejected messages or generating any 
exception rules based on such frequencies. Thus Balasubramanian and Xie, either alone 
or in combination, do not teach or suggest "based on the count for the attribute, 
determining a frequency with which messages having the attribute were rejected by the 
rejection rule," or "generating an exception rule to the rejection rule which rejected the 
messages with the attribute, responsive to the determined frequency exceeding a 
threshold" as required by claims 1, 17, and 32, from which claims 7-15, 
22-30, and 38-43 depend. 

Rejection of claims 16, 31, and 44 

The Examiner rejected claims 16, 31, and 44 under 35 U.S.C. 103(a) as being 
unpatentable over Xie in view of Balasubramanian and further in view of U.S. Pub. No. 
2004/0250124 (Chesla). As argued above, Balasubramanian and Xie, either alone or in 
combination, do not teach or suggest "based on the count for the attribute, determining a 
frequency with which messages having the attribute were rejected by the rejection rule," 
or "generating an exception rule to the rejection rule which rejected the messages with 
the attribute, responsive to the determined frequency exceeding a threshold" as required 
by claims 1, 17, and 32, from which claims 16, 31 and 44 depend. Applicant respectfully 
submits that Chesla fails to cure the deficiency. The portion of Chesla ([0017]) cited by 
the Examiner simply describes the desirability of a feedback control loop without greater 
detail. Further reading of Chesla reveals that, as with Xie, the feedback loop of Chesla 
operates in the opposite manner of the present claims. Chesla detects parameters of 
malicious traffic, and then rejects future packets based on those parameters (See e.g. 
[0149]). By contrast, the present claims require counting a number of previously rejected 
messages to generate a rule causing subsequent traffic to be allowed. Thus Chesla does 
not teach or suggest "based on the count for the attribute, determining a frequency with 
which messages having the attribute were rejected by the rejection rule," or "generating 
an exception rule to the rejection rule which rejected the messages with the attribute, 
responsive to the determined frequency exceeding a threshold" as required by claims 1, 
17, and 32, from which claims 16, 31 and 44 depend. 

CONCLUSION 

In view of the above remarks, Applicant believes the pending application is in 
condition for allowance. 



Respectfully submitted, 

CHOATE, HALL & STEWART LLP 